Stefan Metzmacher [Fri, 28 Aug 2020 13:33:43 +0000 (15:33 +0200)]
s3:selftest: also run durable_v2_reconnect_delay_msec in samba3.blackbox.durable_v2_delay
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Matthew DeVore [Fri, 7 Aug 2020 20:27:39 +0000 (13:27 -0700)]
lib/util: remove extra safe_string.h file
lib/util/safe_string.h is similar to source3/include/safe_string.h, but
the former has fewer checks. It is missing bcopy, strcasecmp, and
strncasecmp.
Add the missing elements to lib/util/safe_string.h remove the other
safe_string.h which is in the source3-specific path. To accomodate
existing uses of str(n?)casecmp, add #undef lines to source files where
they are used.
Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 28 02:18:40 UTC 2020 on sn-devel-184
Matthew DeVore [Fri, 7 Aug 2020 18:17:34 +0000 (11:17 -0700)]
s3: safe_string: do not include string_wrappers.h
Rather than have safe_string.h #include string_wrappers.h, make users of
string_wrappers.h include it explicitly.
includes.h now no longer includes string_wrappers.h transitively. Still
allow includes.h to #include safe_string.h for now so that as many
modules as possible get the safety checks in it.
Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Matthew DeVore [Fri, 7 Aug 2020 18:14:57 +0000 (11:14 -0700)]
string_wrappers: include replace.h
To ensure we always get the right value for the config.h macro
`HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS`, #include "lib/util/replace.h"
rather than rely on it being included by the API user.
Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Matthew DeVore [Fri, 7 Aug 2020 18:27:53 +0000 (11:27 -0700)]
lib/util: do not make string_wrappers.h public
string_wrappers.h is a collection of macros. All but one of the macros
rely on symbols not defined in public headers, so it is not useful as a
public header.
For instance, fstring is defined in includes.h. PTR_DIFF is defined in
lib/util/memory.h, which is not public.
checked_strlcpy is actually self-contained and is usable outside of a
Samba build, but without a Samba config.h, it is just aliased to
strlcpy.
Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Matthew DeVore [Thu, 6 Aug 2020 22:42:46 +0000 (15:42 -0700)]
s3: safe_string: remove unnecessary include
safe_string.h is only included by source3/include/includes.h, which
already includes ntstatus.h, so it is not necessary to include it
from within safe_string.h.
Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 2 Apr 2020 12:16:10 +0000 (14:16 +0200)]
s3:smbd: Fix strict aliasing in get_socket_port()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 27 21:59:17 UTC 2020 on sn-devel-184
David Mulder [Wed, 19 Aug 2020 17:27:26 +0000 (11:27 -0600)]
GPO: Add rsop output for Messages policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu Aug 27 17:19:48 UTC 2020 on sn-devel-184
David Mulder [Wed, 19 Aug 2020 17:25:57 +0000 (11:25 -0600)]
GPO: Test rsop output for Messages policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Wed, 8 Jul 2020 21:30:25 +0000 (15:30 -0600)]
gpo: Apply Group Policy Login Prompt Message
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 9 Jul 2020 15:53:34 +0000 (09:53 -0600)]
gpo: Test Group Policy Login Prompt Message
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Wed, 8 Jul 2020 21:29:42 +0000 (15:29 -0600)]
gpo: Apply Group Policy Message of the day
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 9 Jul 2020 14:39:41 +0000 (08:39 -0600)]
gpo: Test Group Policy Message of the day
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Wed, 19 Aug 2020 20:23:37 +0000 (14:23 -0600)]
GPO: Add rsop output for smb.conf policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Wed, 19 Aug 2020 19:02:48 +0000 (13:02 -0600)]
GPO: Test rsop output for smb.conf policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Wed, 18 Jul 2018 17:34:09 +0000 (11:34 -0600)]
gpo: Add CSE for applying smb.conf
Add an extension that applies smb.conf params
applied via the smb.conf admx files.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Wed, 25 Jul 2018 21:24:35 +0000 (15:24 -0600)]
gpo: Test Group Policy smb.conf Extension
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Tue, 17 Jul 2018 19:15:38 +0000 (13:15 -0600)]
gpo: Add admx files for smb.conf parameters
Administrative Template (admx) files are
installed to the sysvol central store, and
apply Group Policy settings to the sysvol, via
the Group Policy Management Console (gpmc).
These admx files add smb.conf settings to the
gpmc.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Fri, 7 Aug 2020 20:15:30 +0000 (14:15 -0600)]
gpo: gp_krb_ext always uses set_kdc_tdb to update
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Fri, 7 Aug 2020 20:09:27 +0000 (14:09 -0600)]
gpo: Move gp_sec_ext conversion functions to top
These functions don't actually use self, so can
be moved to top level functions.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Fri, 7 Aug 2020 17:09:17 +0000 (11:09 -0600)]
gpo: Display Security Extension RSOP on ADDC only
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 6 Aug 2020 23:25:47 +0000 (17:25 -0600)]
gpo: Fix unapply failure when multiple extensions run
When multiple Group Policy Extensions are present,
only the last executed extension saves it's
changes to the Group Policy Database, due to the
database being loaded seperately for each
extension.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 6 Aug 2020 21:41:13 +0000 (15:41 -0600)]
gpo: Test multiple extention unapply
Verify that an unapply of multiple extentions
deletes the script files and policy settings.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Fri, 7 Aug 2020 19:44:55 +0000 (13:44 -0600)]
gpo: Sudoers ext should not crash if policy missing
If a user has manually removed a policy, the
extension should not crash in an unapply removing
it.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Fri, 7 Aug 2020 19:39:18 +0000 (13:39 -0600)]
gpo: Script ext should not crash if script missing
If a user has manually removed a script, the
extension should not crash in an unapply removing
it.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Fri, 7 Aug 2020 19:59:32 +0000 (13:59 -0600)]
gpo: Cleanup sudoers policy test
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Fri, 7 Aug 2020 19:58:34 +0000 (13:58 -0600)]
gpo: Cleanup script policy test
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 6 Aug 2020 21:18:16 +0000 (15:18 -0600)]
gpo: Avoid using distutils since it will be deprecated
We shouldn't use distutils.spawn.find-executable
here, since its use is discouraged:
https://docs.python.org/3/library/distutils.html
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 6 Aug 2020 19:30:36 +0000 (13:30 -0600)]
gpo: Clarify the contents of deleted_gpo_list in process_group_policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 6 Aug 2020 18:44:41 +0000 (12:44 -0600)]
gpo: Add rsop output for Sudoers policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 6 Aug 2020 20:53:02 +0000 (14:53 -0600)]
gpo: Test rsop output for Sudoers policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 6 Aug 2020 18:38:14 +0000 (12:38 -0600)]
Add WHATSNEW section on Client Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Jeremy Allison [Wed, 26 Aug 2020 19:41:27 +0000 (12:41 -0700)]
s3: libsmb: Remove one more ugly sockaddr cast in resolve_name_list() by converting to samba_sockaddr.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 27 08:16:37 UTC 2020 on sn-devel-184
Jeremy Allison [Wed, 26 Aug 2020 19:35:42 +0000 (12:35 -0700)]
s3: libsmb: Inside get_dc_list() move one more sockaddr_storage -> samba_sockaddr.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Tue, 25 Aug 2020 15:39:18 +0000 (17:39 +0200)]
third_party: Update resolv_wrapper to version 1.1.7
This fixes some Samba tests which redirect stderr to stdout and then get
more messages than expected.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Aug 26 09:59:28 UTC 2020 on sn-devel-184
Andreas Schneider [Tue, 25 Aug 2020 06:28:00 +0000 (08:28 +0200)]
selftest: Catch exception from dns_hub.py
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Rowland Penny [Tue, 25 Aug 2020 12:19:28 +0000 (13:19 +0100)]
docs-xml: pam_winbind manpage: grammar and typos
Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 26 04:44:51 UTC 2020 on sn-devel-184
Andrew Bartlett [Wed, 26 Aug 2020 00:50:00 +0000 (12:50 +1200)]
oss-fuzz: Ensure a UTF8 locale is set for the samba build
This ensures that LANG=en_US.UTF8 is set, which
Samba's build system needs to operate in UTF8 mode.
The change to use flex to generate code meant that this
difference between GitLab CI and oss-fuzz was exposed.
REF: https://github.com/google/oss-fuzz/pull/4366
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 26 03:20:46 UTC 2020 on sn-devel-184
Andrew Bartlett [Wed, 26 Aug 2020 00:47:04 +0000 (12:47 +1200)]
oss-fuzz: Try harder to ensure we always fail fast
During a previous attempt to fix the LANG= issue I changed
the script invocation to be via a shell, so the set -x et al
ensures these are always in place and we fail fast
rather than failures only being detected by lack of output.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Jeremy Allison [Mon, 24 Aug 2020 22:35:32 +0000 (15:35 -0700)]
s3: libsmb: Cleanup - remove an ugly sockaddr_in cast inside resolve_wins_send().
Use samba_sockaddr for its intended purpose.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 25 17:43:17 UTC 2020 on sn-devel-184
Jeremy Allison [Mon, 24 Aug 2020 19:11:33 +0000 (12:11 -0700)]
s3: libads: Cleanup - Remove two more ugly const struct sockaddr * casts in get_kdc_ip_string().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 19:04:16 +0000 (12:04 -0700)]
s3: libsmb: Cleanup - Pass samba_sockaddr directly to nb_trans_send().
Saves an ugly internal cast. We know this must be AF_INET.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 19:00:29 +0000 (12:00 -0700)]
s3: libsmb: Cleanup - Remove a union in sock_packet_read_got_socket() that was an early attempt a samba_sockaddr.
Just use samba_sockaddr.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 18:57:59 +0000 (11:57 -0700)]
s3: libsmb: Cleanup - Remove the last two sockaddr casts in namequery.c in name_query_validator().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 18:54:26 +0000 (11:54 -0700)]
s3: libsmb: Cleanup - Remove two more sockaddr casts inside remove_duplicate_addrs2().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 18:49:25 +0000 (11:49 -0700)]
s3: libsmb: Cleanup - Use samba_sockaddr as intended in resolve_name() to make ugly casts go away.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 18:32:52 +0000 (11:32 -0700)]
s3: libsmb: Cleanup - convert addr_compare() to using samba_sockaddr internally.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 18:26:23 +0000 (11:26 -0700)]
s3: libsmb: Cleanup - make name_query_send() use samba_sockaddr internally.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 18:23:53 +0000 (11:23 -0700)]
s3: libsmb: Cleanup - make name_status_lmhosts() use samba_sockaddr internally.
Use existing utility function instead of direct memcmp.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 18:19:29 +0000 (11:19 -0700)]
s3: libsmb: Cleanup - make node_status_query_send() use samba_sockaddr internally.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 18:16:11 +0000 (11:16 -0700)]
s3: libsmb: Cleanup - Longlines cleanup for README.Coding standards.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 18:12:03 +0000 (11:12 -0700)]
s3: libsmb: Cleanup - change parameter and callers of set_socket_addr_v4() to samba_sockaddr.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Jeremy Allison [Mon, 24 Aug 2020 18:05:11 +0000 (11:05 -0700)]
s3: libsmb: Cleanup - Remove one call to set_socket_addr_v4().
The stack variable sockaddr_storage ss wasn't being used at all.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Mathieu Parent [Thu, 25 Jun 2020 07:48:04 +0000 (09:48 +0200)]
Fix FTBFS / Increase the over-estimation for sparse files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14418
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 25 04:23:19 UTC 2020 on sn-devel-184
Christof Schmitt [Tue, 18 Aug 2020 19:48:09 +0000 (12:48 -0700)]
lib/util: Move cleanup for unit test in teardown function
Where to call rmdir does not matter, but that should avoid the TOCTOU
warning from CID
1466194 and might be slightly cleaner.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Aug 24 03:10:09 UTC 2020 on sn-devel-184
Christof Schmitt [Tue, 18 Aug 2020 16:29:28 +0000 (09:29 -0700)]
lib/util: Remove wrong return statement in unit test
Fixes CID
1466195
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Christof Schmitt [Tue, 18 Aug 2020 18:14:47 +0000 (11:14 -0700)]
lib/util: Fix cleanup in unit test
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Christof Schmitt [Tue, 18 Aug 2020 16:28:12 +0000 (09:28 -0700)]
lib/util: Remove unnecessary semicolon from wscript_build
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Thu, 20 Aug 2020 21:51:47 +0000 (15:51 -0600)]
python compat: remove ConfigParser
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 21 May 2019 22:32:29 +0000 (10:32 +1200)]
tests/vlv: attempt to cause trouble by changing sort attribute
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 21 May 2019 22:33:15 +0000 (10:33 +1200)]
tests/vlv: remove redundant assignments
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 21 Aug 2020 05:23:17 +0000 (17:23 +1200)]
s4/dns: do not crash when additional data not found
Found by Francis Brosnan Blázquez <francis@aspl.es>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12795
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Mon Aug 24 00:21:41 UTC 2020 on sn-devel-184
Douglas Bagnall [Fri, 21 Aug 2020 05:10:22 +0000 (17:10 +1200)]
s4: dns: Ensure variable initialization with NULL.
Ensure no use after free.
Based on patches from Francis Brosnan Blázquez <francis@aspl.es>
and Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12795
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 11 Aug 2020 16:09:14 +0000 (18:09 +0200)]
tldap: Receiving "msgid == 0" means the connection is dead
We never use msgid=0, see tldap_next_msgid(). RFC4511 section 4.4.1
says that the unsolicited disconnect response uses msgid 0. We don't
parse this message, which supposedly is an extended response: Windows
up to 2019 sends an extended response in an ASN.1 encoding that does
not match RFC4511.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Aug 21 20:37:25 UTC 2020 on sn-devel-184
Volker Lendecke [Thu, 13 Aug 2020 12:59:58 +0000 (14:59 +0200)]
test: Test winbind idmap_ad ticket expiry behaviour
We need to make sure that winbind's idmap_ad deals fine with an
expired krb ticket used to connect to AD via LDAP. In a customer
situation we have seen the RFC4511 section 4.4.1 unsolicited ldap exop
response coming through, but the TCP disconnect that Windows seems to
do after that did not make it. Winbind deals fine with a TCP
disconnect, but right now it does not handle just the section 4.4.1
response properly: It completely hangs.
This test requests a ticket valid for 5 seconds and makes the LDAP
server postpone the TCP disconnect after the ticket expiry for 10
seconds. The tests that winbind reacts to the ticket expiry exop
response by making sure in this situation the wbinfo call running into
the issue takes less than 8 seconds. If it did not look at the expiry
exop response, it would take more than 10 seconds.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 11 Aug 2020 16:24:39 +0000 (18:24 +0200)]
idmap_ad: Pass tldap debug messages on to DEBUG()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Wed, 12 Aug 2020 11:26:18 +0000 (13:26 +0200)]
tldap: Add PRINTF_ATTRIBUTE declaration to tldap_debug()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Tue, 11 Aug 2020 15:44:42 +0000 (17:44 +0200)]
tldap: Make sure all requests are cancelled on rundown
Put messages into the ld->pending array before sending them out, not
after they have been sent.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Tue, 11 Aug 2020 15:30:22 +0000 (17:30 +0200)]
tldap: Centralize connection rundown on error
Whenever send or recv return -1, we have to cancel all pending
requests and our transport stream is no longer usable: Discard it upon
such an error.
To avoid duplicate state, tldap_connection_ok() now looks at whether
we have a tstream_context around.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Tue, 11 Aug 2020 15:14:14 +0000 (17:14 +0200)]
tldap: Maintain the ldap read request in tldap_context
Required for proper connection rundown, we need to TALLOC_FREE() the
read request before shutting down the tstream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Mon, 17 Aug 2020 19:59:48 +0000 (21:59 +0200)]
tldap: Always remove ourselves from ld->pending at cleanup time
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Tue, 11 Aug 2020 14:54:34 +0000 (16:54 +0200)]
tldap: Fix tldap_msg_received()
The callback of "req" might have destroyed "ld", we can't reference
this anymore after calling tevent_req_done(req). Defer calling the
callbacks, which also means that the callbacks can't have added
anything to ld->pending.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Tue, 11 Aug 2020 14:16:12 +0000 (16:16 +0200)]
tldap: Only free() ld->pending if "req" is part of it
Best reviewed with "git show -U10". We need to check that "req" is
actually the last request that is being freed before freeing the whole
array.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Mon, 10 Aug 2020 14:24:04 +0000 (16:24 +0200)]
ldap_server: Terminate LDAP connections on krb ticket expiry
See RFC4511 section 4.4.1 and
https://lists.samba.org/archive/cifs-protocol/2020-August/003515.html
for details: Windows terminates LDAP connections when the krb5 ticket
expires, Samba should do the same. This patch slightly deviates from
Windows behaviour by sending a LDAP exop response with msgid 0 that is
ASN1-encoded conforming to RFC4511.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Fri, 7 Aug 2020 11:40:58 +0000 (13:40 +0200)]
ldap_server: Add the krb5 expiry to conn->limits
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Wed, 12 Aug 2020 13:50:58 +0000 (15:50 +0200)]
torture: Test ldap session expiry
LDAP connections should time out when the kerberos ticket used to authenticate
expires. Windows does this with a RFC4511 section 4.4.1 message (that as of
August 2020 is encoded not according to the RFC) followed by a TCP disconnect.
ldb sees the section 4.4.1 as a protocol violation and returns
LDB_ERR_PROTOCOL_ERROR.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Wed, 12 Aug 2020 13:48:01 +0000 (15:48 +0200)]
build: Wrap a long line
There will be another entry in the next commit
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 18 Aug 2020 09:38:57 +0000 (21:38 +1200)]
python: Remove remaining references to third_party python libs
For now at least we do not have any in third_party.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 21 00:12:52 UTC 2020 on sn-devel-184
Andrew Bartlett [Mon, 17 Aug 2020 23:59:09 +0000 (11:59 +1200)]
python: Add checks for some more required python packages
This catches the most important packages we require, but
this may not be the full list.
python-gpg is not listed as we have a big workaround handler
for this in samba-tool.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Andrew Bartlett [Mon, 17 Aug 2020 05:14:25 +0000 (17:14 +1200)]
Remove pyiso8601 from third_party
The trend has been to remove widely available packages from third_party/
This module is both widely available, and only needed for --enable-selftest
It is, strangely enough, a BuildDependes in the RHEL/Fedora packages
just to stop it being installed in third_party.
The check for iso8601 being available is moved to python/wscript
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Andrew Bartlett [Tue, 18 Aug 2020 02:50:36 +0000 (14:50 +1200)]
bootstrap: Fix python dependencies
Python2 dependencies are removed and the RPM name of python-iso8601
is added to allow removal from third_party.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Andrew Bartlett [Tue, 18 Aug 2020 02:53:35 +0000 (14:53 +1200)]
bootstrap: Fix spelling of README.md
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Volker Lendecke [Tue, 4 Aug 2020 12:04:48 +0000 (14:04 +0200)]
torture: Fix ldap.basic multibind test
It gets LDAP_STRONG_AUTH_REQUIRED from current AD servers
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 20 18:44:49 UTC 2020 on sn-devel-184
Volker Lendecke [Tue, 4 Aug 2020 11:58:37 +0000 (13:58 +0200)]
torture: Inline test_bind_simple()
Avoid losing the specific error code with this simple wrapper function
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 4 Aug 2020 10:50:22 +0000 (12:50 +0200)]
torture: Pass DN and password to ldap.basic test
Without this, test_multibind() only gets NULL for userdn and password,
not doing what the test claims. This now fails, because our LDAP
server does not allow plain text binds.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 4 Aug 2020 10:48:08 +0000 (12:48 +0200)]
torture: Add subunit output to ldap.basic test
The next commit will make this fail, and we need to detect this in
knownfail.d/ldap. Without subunit output filter-subunit won't find it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Günther Deschner [Tue, 10 Mar 2020 17:18:10 +0000 (18:18 +0100)]
docs: Add missing winexe manpage
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14318
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Aug 20 12:55:23 UTC 2020 on sn-devel-184
Andreas Schneider [Tue, 7 Jul 2020 12:27:07 +0000 (14:27 +0200)]
python:tests: Add test for SMB encrypted DCERPC connection
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Aug 19 17:46:28 UTC 2020 on sn-devel-184
Andreas Schneider [Fri, 24 Jul 2020 08:18:52 +0000 (10:18 +0200)]
s4:libcli: Require signing for SMB encryption
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 7 Jul 2020 10:44:26 +0000 (12:44 +0200)]
s4:libcli: Add smb2_connect_enc_start()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 7 Jul 2020 10:29:39 +0000 (12:29 +0200)]
s3:libcli: Split out smb2_connect_tcon_start()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 7 Jul 2020 10:54:26 +0000 (12:54 +0200)]
s4:libcli: Return if encryption is requested for SMB1
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 13 Aug 2020 14:16:55 +0000 (16:16 +0200)]
s4:libcli: Return NTSTATUS errors for smb_composite_connect_send()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 6 Jul 2020 09:05:59 +0000 (11:05 +0200)]
s3:libsmb: Make cli_cm_force_encryption_creds() static
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 6 Jul 2020 08:58:36 +0000 (10:58 +0200)]
examples: Remove obsolete force encryption from smb2mount
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 10 Jun 2020 10:51:18 +0000 (12:51 +0200)]
s3:rpcclient: Remove obsolete force encryption from rpcclient
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 10 Jun 2020 10:49:28 +0000 (12:49 +0200)]
s3:utils: Remove obsolete force encryption from smbcquotas
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 10 Jun 2020 10:48:18 +0000 (12:48 +0200)]
s3:utils: Remove obsolete force encryption from mdfind
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 10 Jun 2020 10:47:05 +0000 (12:47 +0200)]
s3:utils: Remove obsolete force encryption from smbacls
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 10 Jun 2020 10:43:33 +0000 (12:43 +0200)]
s3:client: Remove unused smb encryption code
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>